After completing this chapter, you will be able to:
• Describe the role of an ethical hacker
• Describe what you can do legally as an ethical hacker
• Describe what you can’t do as an ethical hacker
Hands-On Ethical Hacking and Network Defense, 3rd Edition

Introduction to Ethical Hacking
• Ethical hackers
  – Hired by companies to perform penetration tests
• Penetration test
  – Attempt to break into a company’s network to find the weakest link
• Vulnerability assessment
  – Tester attempts to enumerate all vulnerabilities found in an application or on a system
• Security test
  – Besides a break-in attempt, includes analyzing the company’s security policy and procedures

The Role of Security and Penetration Testers
• Hackers
  – Access a computer system or network without authorization
  • Break the law; can go to prison
• Crackers
  – Break into systems to steal or destroy data
  • U.S. Department of Justice calls both hackers
• Ethical hacker
  – Performs most of the same activities with the owner’s permission
• Script kiddies or packet monkeys
  – Younger, inexperienced hackers who copy code from knowledgeable hackers
• Programming languages used by experienced penetration testers
  – Python, Ruby, Practical Extraction and Report Language (Perl), C
• Script
  – Set of instructions
  – Runs in sequence to perform tasks
• Hacktivist
  – A person who hacks computer systems for political or social reasons
• Penetration testers usually have:
  – A laptop computer with multiple OSs and hacking tools
• Job requirements for a penetration tester might include:
  – Perform vulnerability, attack, and penetration assessments in intranet and wireless environments
  – Perform discovery and scanning for open ports
  – Apply appropriate exploits to gain access
  – Participate in activities involving application penetration
  – Produce reports documenting discoveries
  – Debrief with the client at the conclusion
Penetration-Testing Methodologies
• White box model
  – Tester is told about network topology and technology
  • May be given a floor plan
  – Tester is permitted to interview IT personnel and company employees
  • Makes the tester’s job a little easier
• Black box model
  – Staff does not know about the test
  – Tester is not given details about technologies used
  • Burden is on the tester to find details
  – Tests security personnel’s ability to detect an attack
• Gray box model
  – Hybrid of the white and black box models
  – Company gives the tester partial information (e.g., which OSs are used, but no network diagrams)
• Black box model
  – No information is provided except the IP address
• White box model
  – Additional access, down to the code level
  – Required role-based credentials
  – Etc.

Certification Programs for Network Security Personnel
• Certification programs
  – Available in almost every area of network security
• Minimum certification
  – CompTIA Security+ or equivalent knowledge
  • Prerequisite for Security+ certification is CompTIA Network+
Offensive Security Certified Professional
• OSCP
  – An advanced certification that requires students to demonstrate hands-on abilities to earn their certificates
  – Covers network and application exploits
  – Gives students experience in developing rudimentary buffer overflows, writing scripts to collect and manipulate data, and trying exploits on vulnerable systems
Certified Ethical Hacker
• Developed by the International Council of Electronic Commerce Consultants (EC-Council)
  – Based on 22 domains (subject areas)
  – Web site: www.eccouncil.org
• Most likely to be placed on a team that conducts penetration tests
  – Called a Red team
  • Conducts penetration tests
  • Composed of people with varied skills
  • Unlikely that one person will perform all tests
OSSTMM Professional Security Tester (OPST)
• Open Source Security Testing Methodology Manual (OSSTMM) Professional Security Tester
  – Designated by the Institute for Security and Open Methodologies (ISECOM)
  – Based on the Open Source Security Testing Methodology Manual (OSSTMM)
  • Written by Peter Herzog
  – Five main topics (i.e., professional, enumeration, assessments, application, and verification)
  – Web site: www.isecom.org
Certified Information Systems Security Professional
• CISSP
  – Issued by the International Information Systems Security Certification Consortium (ISC2)
  – Not geared toward technical IT professionals
  – Tests security-related managerial skills
  • Usually more concerned with policies and procedures
  – Consists of ten domains
  – Web site: www.isc2.org
SANS Institute
• SysAdmin, Audit, Network, Security (SANS) Institute
  – Offers training and IT security certifications through Global Information Assurance Certification (GIAC)
• Top 25 Software Errors list
  – One of the most popular SANS Institute documents
  – Details the most common network exploits
  – Suggests ways of correcting vulnerabilities
  – Web site: www.sans.org
Which Certification Is Best?
• Penetration testers and security testers
  – Need technical skills to perform duties effectively
  – Must also have:
  • A good understanding of networks and the role of management in an organization
  • Skills in writing and verbal communication
  • Desire to continue learning
• Danger of certification exams
  – Some participants simply memorize terminology
  • Don’t have a good grasp of the subject matter
What Can You Do Legally?
• Laws involving technology change as rapidly as technology itself
  – Keep abreast of what’s happening in your area
• Find out what is legal for you locally
  – Be aware of what is allowed and what you should not or cannot do
• Laws vary from state to state and country to country
  – Example: In some states, the possession of lockpicking tools constitutes a crime
Laws of the Land
• Some hacking tools on your computer might be illegal
  – Contact local law enforcement agencies before installing hacking tools
• Laws are written to protect society
  – Written words are open to interpretation
  – Example: In Hawaii, the state must prove the person charged had the “intent to commit a crime”
• Government is getting more serious about cybercrime punishment
Table 1-1 An overview of recent hacking cases
• Electronic Transaction Act 2063 (Nepal)
  – Initially developed for PKI establishment
Is Port Scanning Legal?
• Some states consider it legal
  – Not always the case
  – Be prudent before using penetration-testing tools
• Federal government does not see it as a violation
  – Allows each state to address it separately
• Research state laws
• Read your ISP’s “Acceptable Use Policy”
Figure 1-2 An example of an acceptable use policy
• IRC “bot”
  – Program that sends automatic responses to users
  – Gives the appearance of a person being present
• Some ISPs may prohibit the use of IRC bots
What You Cannot Do Legally
• Illegal actions:
  – Accessing a computer without permission
  – Destroying data without permission
  – Copying information without permission
  – Installing viruses that deny users access to network resources
• Be careful that your actions do not prevent the client’s employees from doing their jobs
Get It in Writing
• Using a contract is good business
  – May be useful in court
• Books on working as an independent contractor
  – Getting Started as an Independent Computer Consultant by Mitch Paioff and Melanie Mulhall
  – The Consulting Bible: Everything You Need to Know to Create and Expand a Seven-Figure Consulting Practice by Alan Weiss
• The Internet can also be a helpful resource
  – Free modifiable templates
• Have an attorney read your contract before signing

Ethical Hacking in a Nutshell
• Skills needed to be a security tester
  – Knowledge of network and computer technology
  – Ability to communicate with management and IT personnel
  – An understanding of the laws in your location
  – Ability to apply the necessary tools to perform your tasks
  – Communication and writing skills
Summary
• Companies hire ethical hackers to perform penetration tests
  – Penetration tests discover vulnerabilities in a network
  – Security tests are performed by a team of people with varied skills
• Penetration test models
  – White box model
  – Black box model
  – Gray box model
• Security testers can earn certifications
  – CEH
  – CISSP
  – OPST
• As a security tester, be aware of
  – What you are legally allowed or not allowed to do
• ISPs may have an acceptable use policy
  – May limit your ability to use tools
• Laws should be understood before conducting a security test
  – Federal laws
  – State laws
• Get it in writing
  – Use a contract
  – Have an attorney read the contract
• Understand the tools available to conduct security tests
  – Learning how to use them should be a focused and methodical process